Our clients tell us they're concerned about network security. So are we.
Five years ago, Forrester reported that most data breaches affecting small and medium-sized businesses were the result of internal vulnerabilities. By 2015, the threat landscape had changed so much that the SEC issued a warning:
"Small and mid-sized businesses are not just targets of cybercrime, they are its principal target. In fact, the majority of all targeted cyberattacks last year were directed at SMBs."
According to Cybersecurity Ventures, cybercrime is predicted to cost companies $6 trillion worldwide by 2021, with about half of those losses coming from small to medium businesses, which are ripe targets because they tend to have fewer IT resources than their enterprise counterparts.
These attacks have come in the form of hacks, phishing, trojans, worms... and about 25% are perpetrated by internal actors, according to Verizon's 2017 Data Breach Report.
What to Watch Out For
- Unauthorized wireless connections to the network
- A new user profile unexpectedly added to the business owner’s computer
- An application just installed on a locked-down system
- A user granted inappropriate admin credentials
- Unusual after-hours log-ins
Surprisingly, when Forrester studied a sampling of internal security incidents, they discovered that only 12% were instigated by disgruntled employees with malicious intent. A whopping 27% were caused by employees’ inadvertent misuse of data.
This means that if your company does experience a security breach, it’s twice as likely to be perpetrated through a mistake by a reliable employee rather than by a disgruntled worker.
In short, your best employees could also be your greatest risk.
Protecting against both internal and external vulnerabilities is important for organizations of any size. The SEC reported that small to medium businesses that experience a breach can take several days to recover... and SMBs that are victims of a cyberattack are more likely to be targeted again.
Simply stated, your business can’t afford to be without checks and balances to ensure internal risks are minimized.
When it comes to employee activity, you need to adopt and enforce formal procedures for disposing of anything that might contain sensitive data, and establish a four-eyes policy for publishing information. And do perform periodic security education refreshers with your staff so they learn to recognize phishing emails and spoofed websites.
External risks require more extensive measures. The perceived vulnerability of SMBs puts your business at greater risk of becoming a victim of a malicious attack.
That’s why we recommend all our clients implement a layered approach to security, with safeguards like firewalls, anti-virus, and anti-malware.
The increased incidence and sophistication of the latest crop of cyberattacks may require stronger measures. Even if your company is able to effectively detect internal vulnerabilities, experts recommend hiring a third party to evaluate risks at least once per year.
Finally, you can combat a multitude of threats by deploying a comprehensive security-as-a-service solution with ongoing internal vulnerability detection, alerts, and remediation options. We've put together an infographic with predictions, statistics, and measures you can take right now to protect your business against data breaches, both internal and external.
This post has been updated to include the attribution and link to Cybersecurity Ventures' 2017 Cybercrime Damage Report.